Minifactorum GDPR Policy

Minifactorum

GDPR and its use in our
Privacy Policy

This privacy policy has been compiled to better serve those who are concerned with how their ‘Personally Identifiable Information’ (PII) is being used online. PII, as described in US/EU (GDPR) privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.

 What personal information do we collect from the people that visit our blog, website or app?

When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, mailing address, phone number, credit card information or other details to help you with your experience and provide us with feedback on our products or services

When do we collect information?

We collect information from you when you register on our site, place an order, subscribe to a newsletter, respond to a survey, fill out a form, Use Live Chat, Open a Support Ticket or enter information on our site.

Definitions

  • Personal data is information about a person which is identifiable as being about them. It can be stored electronically or on paper, and includes images and audio recordings as well as written information.
  • Data protection is about how we, as an organisation, ensure we protect the rights and privacy of individuals, and comply with the law, when collecting, storing, using, amending, sharing, destroying or deleting personal data.

Responsibility

  • Overall and final responsibility for data protection lies with the management committee, who are responsible for overseeing activities and ensuring this policy is upheld.
  • All volunteers are responsible for observing this policy, and related procedures, in all areas of their work for the Company or local concerns.

 

WHAT INFORMATION DO WE COLLECT?

The information Minifactorum collects is required for the purpose of creating Membership Accounts and for you to enrol in our Incubator space. This Information allows you to be identified as and an Identifier of membership of Minifactorum and so includes:

  • Name, date of birth, gender, e-mail address, postal address, telephone number, gaming types, Interests, banking details – (See below), health declaration with regards you require disabled access or special needs.
  • Credit, Debit card, Direct Debit information, relevant information about your bank account number and sort code or other banking information. Please Note that we do not store your bank or credit card details on our web servers
  • Your usage records and duration of visits with regards Minifactorum Site, venues and events.
  • Your contacts with us, such as a note or recording of a call you make to our contact centre, an email or other records of any contact you have with us
  • Your membership information – such as dates of payment owed and received, the services you use and any other information related to your account
  • Your particular preferences for particular products, Games, Services or interests when you tell us what they are; – or when we assume, deduce what they are, depending on how you and your use of Minifactorum products and services

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Higher Levels

The kind of information we hold about you Personal data, or personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are “special categories” of more sensitive personal data which require a higher level of protection.

  • Next of kin, emergency contact and death benefit nominee(s) information.
  • Bank account details, and tax status information. 
  • Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process). 
  • Performance and behavioural information. 
  • Disciplinary and grievance information. 
  • Secondary employment and volunteering information 
  • CCTV footage and other information obtained through electronic means such as swipe card records, digital fingerprints in system, cookies, electronic data.
  • Information about your use of our information and communications systems. 
  • Photographs, videos. 
  • Accident book, first aid records, injury at work and third party accident information. 
  • Evidence of how you meet the Minifactorum rules and confirmation of your security/Induction/tool clearance. This can include personal details, details and information about allegations of criminal, inappropriate, gross misconduct or aberrant behaviour.  

How do we use your information?

We will use your personal information to provide you with the best services, products or information that you have requested, for Minifactorum administration purposes, to improve your website experience, and marketing. We may need to share your information with our service providers, associated organisations and agents for these purposes.  

We may use the information we collect from you within our privacy policy when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features both physical and electronic in the following ways:

  • To personalize your experience and to allow us to deliver the type of content and product offerings in which you are most interested.
  •  To improve our website in order to better serve you.
  • To allow us to better service you in responding to your customer service requests.
  • To administer a contest, promotion, survey or other site feature.
  • To quickly process your transactions.
  • To process your access to certain 
  • To ask for ratings and reviews of services or products
  • To follow up with them after correspondence (live chat, email or phone inquiries)

Minifactorum may need to share your information with our service providers, associated organisations and agents for these purposes.  We may use your information to engage in or with the following but not limited to:

  • Carry out an identity check as part of your membership application and is NOT a credit check.
  • Process and store your membership application through our membership software.
  • Charge you for using our services as part of your membership terms
  • Confirm your attendance to sessions and appointments
  • Keep you informed about our services including operational matters relating to your Membership
  • To Detect and Prevent and fraud or other crimes
  • To allow you to monitor your usage in your member’s area
  • To allow us to understand how you use our services, to help us develop relevant and updated services that better suit you
  • Carry out research and statistical analysis to monitor how customers use Minifactorum services
  • Provide relevant services to you
  • To share event photos on our social media platforms and website (within the rights and terms of project, requirements, such as Advertising, safety policies, Health and safety policies, NDA’s, contractual obligations) (Your permission will be undertaken within the T&C’s or Minifactorum rules)
  • Contact you with relevant offers, promotions, based upon our analysis of how you/ your business uses our services and what Minifactorum think will be of interest to you (unless you opt-out of our marketing messages)
  • Respond to any questions or concerns you might have about our services or those that operate here.
  • To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution. 
  • To conduct data analytics studies to review and better understand employee retention and attrition rates. 

Some of the purposes will overlap and there can be several grounds which justify our use of your personal information. If you fail to provide personal information If you fail to provide certain information when requested, we will not be able to fully perform the contract we have entered with you (such as paying you or providing a benefit), or we could be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers/members). 

Where Minifactorum processes your personal data based on your consent you have the right to withdraw consent at any time, for example, your consent to receive direct marketing. If you no longer wish to receive marketing messages from Minifactorum, then please visit your profile section within the Member’s Area of the website where you can opt out. You can choose to opt out of all marketing or select your specific marketing preferences. Alternatively, if you’re no longer a member, and wish to remove your consent to receive marketing content please contact Minifactorum by email to https://minifactorum.com

We’ll store your information for as long as you are a Member or follower of Minifactorum, or, following cancellation and to meet all relevant legal requirements including financial audits, money laundering and anti-fraud regulations we will store your information for a time period of no more than ten (10) years from the last activity on the account. An ‘activity’ can be classified as access into Minifactorum services, systems, or facilities including events, payment made on the membership account or a comment added to the membership following contact with Minifactorum.

Minifactorum may contact you about our services during this ten (10) years if you haven’t opted out of receiving marketing communications from us in order for us to provide you with up to date relevant information via Mailing lists, Newsletters and other communications.

Mailing list

  • We will maintain a mailing list. This will include the names and contact details of people who wish to receive , publicity and fundraising appeals from Minifactorum.
  • When people sign up to the list we will explain how their details will be used, how they will be stored, and that they may ask to be removed from the list at any time. We will ask them to give separate consent to receive publicity and fundraising messages, and will only send them messages which they have expressly consented to receive.
  • We will not use the mailing list in any way that the individuals on it have not explicitly consented to.
  • We will provide information about how to be removed from the list with every mailing.
  • We will use mailing list providers who store data within the EU.

Supporting individuals

  • From time to time, individuals contact the Company to ask us to help them resolve an issue they are having with the council, relating to their housing or other local services.
  • We will request explicit, signed consent before sharing any personal details with the council or any other relevant third party.
  • We will not keep information relating to an individual’s personal situation for any longer than is necessary for the purpose of providing them with the support they have requested.
  • Personal data relating to housing issues will be stored securely by a member of the committee, and not shared among the rest of the committee or with other volunteers unless necessary for the purpose of providing the support requested.
  • Details relating to individual’s circumstances and housing will be treated as strictly confidential.

Selling merchandise

  • We make and sell calendars and cards featuring photos of the local neighbourhood, to help raise money for the Company or local concerns.
  • To order calendars and cards, people complete an order form on our website, which includes providing a name and address for the items to be delivered to.
  • When ordering, people will be asked if they wish to be added to our mailing list (see section 3). If they do not opt to be on the mailing list, their details will be deleted within one month of processing their order, and will not be used for any purpose other than communicating with them about their order.

Contacting volunteers

  • Local people volunteer for Minifactorum in a number of ways.
  • We will maintain a list of contact details of our recent volunteers. We will share volunteering opportunities and requests for help with the people on this list.
  • People will be removed from the list if they have not volunteered for the Company or local concerns for 12 months.
  • When contacting people on this list, we will provide a privacy notice which explains why we have their information, what we are using it for, how long we will keep it, and that they can ask to have it deleted or amended at any time by contacting us.
  • To allow volunteers to work together to organise for the Company or local concerns, it is sometimes necessary to share volunteer contact details with other volunteers. We will only do this with explicit consent.

How do we protect your information?

Our website and hardware IT systems are scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.

We use regular Malware and Virus software Scanning.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

We implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your personal information.

For your convenience we may store your credit card information kept for more than 60 days in order to expedite future orders, and to automate the billing process.

Will we disclose the information to Outside Parties??

We may choose to share information about you with:

  • Registered Service providers, authorised agents and associated organisations to allow us to service your membership and communicate with you more efficiently; for example, we might use  financial institutions to process payments, Organisations and businesses whose services you are engaged with, I.e Governmental bodies, Charities, Insurance companies, Health and Safety organisations, feedback and freelance teachers/trainers when you sign up to classes or courses
  • Law enforcement agencies, regulatory organisations, courts or other public authorities where we have a legal obligation to do so
  • There can be rare occasions where it becomes necessary to use your personal information to protect your interests (or someone else’s interests).
  • Education, training and development requirements.
  • Complying with health and safety obligations. 
  • Education, training and development requirements.
  • Dealing with Freedom of Information Act/Environmental Information Regulations requests 
  • Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work. 

We’ll release information if it’s reasonable for the purpose of protecting Minifactorum against fraud, defending our rights or property, or to protect the interests of our customers. If we’re reorganised or sold to another organisation, we may transfer any personal information we hold about you to that organisation. We will inform you if we do.

 

 

Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:

We will notify you via email

  • Within 7 business days

We will notify the users via in-site notification

  • Within 7 business days

We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.

The General Data Protection Regulation

2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. A Definition of GDPR (General Data Protection Regulation) The General Data Protection Regulation (GDPR), agreed upon by the European Parliament and Council in April 2016, will replace the Data Protection Directive 95/46/ec in Spring 2018 as the primary law regulating how companies protect EU citizens’ personal data.

Three articles within the GDPR address the privacy notice requirement:

  • Article 12 — Information about data collection, storage, and transfer must be presented to users in writing.
  • Article 13 — If you collect users’ data, you need to provide them with certain information, such as your contact details and data-processing purposes.
  • Article 14 — When data is not directly collected from the user, you need to provide details about relevant partners, affiliates, or third parties

CAN-SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address in order to:

  • Send information, respond to inquiries, and/or other requests or questions
  • Process orders and to send information and updates pertaining to orders.
  • Send you additional information related to your product and/or service
  • Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.

To be in accordance with CAN-SPAM, we agree to the following:

  • Not use false or misleading subjects or email addresses.
  • Identify the message as an advertisement in some reasonable way.
  • Include the physical address of our business or site headquarters.
  • Monitor third-party email marketing services for compliance, if one is used.
  • Honour opt-out/unsubscribe requests quickly.
  • Allow users to unsubscribe by using the link at the bottom of each email.

If at any time you would like to unsubscribe from receiving future emails, you can email us at

  • Follow the instructions at the bottom of each email.

and we will promptly remove you from ALL correspondence and within our privacy policy

Rights of access, correction, erasure, and restriction

Your duty to inform us of changes It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

Your rights in connection with personal information Under certain circumstances, by law you have the right to: 

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. 
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. 
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is nogood reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below). 
    • Note we may not always be able to comply with this request due to outside obligations and requests, We will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. 
    • Deletion of your information may impact your ability to access and engage with the site and its facilities, due to our policies and site safety, including inductions and machine safety induction completion.
  • Object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

No fee usually required 

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we are allowed under the law to charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we can refuse to comply with the request in such circumstances. 

What we need from you

We sometimes need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it. 

Data Protection Officer 

We have appointed a data protection officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the (Admin and Communications manager through our site contact links) You have the right to make a complaint at any time to Minifactorum data Protection officer, the UK supervisory authority for data protection issues.

Contacting Us

If there are any questions regarding this privacy policy, you may contact us using the information below.

 

Minifactorum

Site Contact Points

Email

Social Media

Changes to this privacy notice 

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates.